Joomla! Movm Component "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA50109

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50109/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50109

RELEASE DATE:
2012-08-01
DESCRIPTION:
A vulnerability has been reported in the Movm component for Joomla!,
which can be exploited by malicious people to conduct SQL injection
attacks.

Input passed via the "id" parameter to index.php (when "option" is
set to "com_movm", "controller" is set to "product", and "task" is
set to "product") is not properly sanitised before being used in SQL
queries. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

SOLUTION:
No official solution is currently available.

PROVIDED AND/OR DISCOVERED BY:
Daniel Barragan (D4NB4R)

ORIGINAL ADVISORY:
http://packetstormsecurity.org/files/115164/Joomla-Move-1.0-SQL-Injection.html

RECENT ARTICLE

RECENT POST